Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a890777d-9628-4511-b4e8-3097904fbfda.roa
File:                     a890777d-9628-4511-b4e8-3097904fbfda.roa (raw, json)
Hash identifier:          MkJW44pkk1F91uIetqvPSZ2JK7NZfMZ5NzKVICIMjLs=
Subject key identifier:   3D:1D:87:04:29:43:F9:85:D8:7C:0F:5A:CE:9F:29:0D:3B:50:FA:CF
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0296D996995123D6896136192979EE8B204A925E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a890777d-9628-4511-b4e8-3097904fbfda.roa
Signing time:             Tue 31 Oct 2023 00:00:00 +0000
ROA not before:           Tue 31 Oct 2023 00:00:00 +0000
ROA not after:            Tue 05 Dec 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:96:d9:96:99:51:23:d6:89:61:36:19:29:79:ee:8b:20:4a:92:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 31 00:00:00 2023 GMT
            Not After : Dec  5 23:59:59 2023 GMT
        Subject: serialNumber=37d2125637be4a18c585bdf7dcc031b476f3deda1175d057e1d054ed8fa68245, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7d:6a:e4:bd:f3:4a:c0:fe:be:4d:77:45:70:
                    59:25:1c:a0:6f:c3:7c:6d:2c:50:7a:aa:d8:75:e0:
                    29:52:cf:ad:5a:7c:fa:a3:94:c5:34:20:ea:ce:22:
                    66:8a:e1:65:f4:42:09:22:5c:1d:f9:ac:c5:91:cc:
                    f5:6b:01:23:18:ba:e6:31:6f:32:c1:bd:8d:d9:06:
                    83:7b:99:6c:a6:55:e0:0d:b5:e3:44:d5:56:5b:7a:
                    49:12:d5:c4:b5:cb:4f:7b:ae:54:36:52:aa:ef:57:
                    83:df:db:57:91:76:43:95:f1:a8:72:28:82:84:19:
                    be:7e:b9:8f:38:06:b6:ea:f0:b1:39:e0:b5:94:67:
                    2b:d9:53:1d:c3:3f:af:5f:3e:73:14:54:0f:f0:6a:
                    c0:59:5c:3b:a0:c4:fd:1b:9b:41:06:da:b4:11:c4:
                    4d:1b:37:28:9c:45:31:45:c7:2f:50:6e:bd:f9:90:
                    be:c3:20:22:ae:2d:fb:b8:05:2b:60:b6:88:18:df:
                    42:98:dd:94:5e:24:20:54:1d:32:fd:e8:f8:d4:8c:
                    10:2e:a2:15:aa:c4:69:ba:f2:f7:e3:2a:f7:af:82:
                    1d:ea:c6:4a:b2:ce:cd:9e:c2:8e:48:f8:f3:52:2f:
                    74:7e:db:e4:02:9e:04:3e:97:7c:f7:4a:15:db:b1:
                    b3:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:1D:87:04:29:43:F9:85:D8:7C:0F:5A:CE:9F:29:0D:3B:50:FA:CF
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a890777d-9628-4511-b4e8-3097904fbfda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f8:88:8a:60:96:9d:70:84:7f:e9:97:49:a0:82:74:a2:c5:
         e2:71:0f:b7:1c:9f:07:ae:1f:85:6f:bc:95:49:72:cf:1e:cd:
         9e:ba:0d:14:53:ad:d9:b0:be:ae:ed:b3:01:ba:a5:1a:97:0b:
         72:1f:a8:ff:17:be:41:3c:77:01:c1:08:60:04:30:8b:2b:4e:
         fa:99:02:75:c9:70:ff:6c:b1:1d:b8:83:50:65:d3:db:c3:fa:
         2f:6b:07:71:19:53:9d:f4:39:2a:4e:10:7e:be:d8:ad:17:b8:
         20:6d:28:16:1c:5c:b5:72:73:14:eb:83:5f:17:be:06:0e:1e:
         f2:1e:97:76:57:cb:63:e7:31:38:90:54:db:5a:1d:72:a8:48:
         4e:95:42:db:85:a0:46:47:9a:6f:07:88:e3:8e:f3:32:8d:2f:
         3b:53:29:87:71:5d:99:ac:27:66:01:56:6c:3d:ff:91:89:8d:
         00:07:4d:96:b7:ed:b5:b8:2c:82:66:04:76:46:07:25:17:99:
         20:76:8b:85:69:fc:52:63:0b:12:17:9e:cb:81:ba:c2:47:c6:
         59:83:ed:c9:dc:37:3c:b5:ae:0b:16:b5:b6:cf:83:e0:2a:27:
         37:7f:e8:6e:ae:e6:34:bc:4c:9a:02:13:37:f7:f6:e9:e3:2d:
         1a:ab:16:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUApbZlplRI9aJYTYZKXnuiyBKkl4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMDMxMDAwMDAwWhcNMjMxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2QyMTI1NjM3YmU0YTE4YzU4NWJkZjdkY2MwMzFiNDc2
ZjNkZWRhMTE3NWQwNTdlMWQwNTRlZDhmYTY4MjQ1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIfWrkvfNKwP6+TXdFcFklHKBvw3xtLFB6qth14ClSz61a
fPqjlMU0IOrOImaK4WX0QgkiXB35rMWRzPVrASMYuuYxbzLBvY3ZBoN7mWymVeAN
teNE1VZbekkS1cS1y097rlQ2UqrvV4Pf21eRdkOV8ahyKIKEGb5+uY84Brbq8LE5
4LWUZyvZUx3DP69fPnMUVA/wasBZXDugxP0bm0EG2rQRxE0bNyicRTFFxy9Qbr35
kL7DICKuLfu4BStgtogY30KY3ZReJCBUHTL96PjUjBAuohWqxGm68vfjKvevgh3q
xkqyzs2ewo5I+PNSL3R+2+QCngQ+l3z3ShXbsbOXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPR2HBClD+YXYfA9azp8pDTtQ+s8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E4OTA3NzdkLTk2MjgtNDUxMS1iNGU4LTMwOTc5MDRmYmZkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADT4iIpglp1whH/pl0mggnSixeJx
D7ccnweuH4VvvJVJcs8ezZ66DRRTrdmwvq7tswG6pRqXC3IfqP8XvkE8dwHBCGAE
MIsrTvqZAnXJcP9ssR24g1Bl09vD+i9rB3EZU530OSpOEH6+2K0XuCBtKBYcXLVy
cxTrg18XvgYOHvIel3ZXy2PnMTiQVNtaHXKoSE6VQtuFoEZHmm8HiOOO8zKNLztT
KYdxXZmsJ2YBVmw9/5GJjQAHTZa37bW4LIJmBHZGByUXmSB2i4Vp/FJjCxIXnsuB
usJHxlmD7cncNzy1rgsWtbbPg+AqJzd/6G6u5jS8TJoCEzf39unjLRqrFnw=
-----END CERTIFICATE-----